summaryrefslogtreecommitdiffstats
path: root/Lib/cgi.py
Commit message (Collapse)AuthorAgeFilesLines
* "ib" should be "boundary"; reported by Neal Norwitz.Fred Drake2001-10-131-1/+1
|
* Class FieldStorage: add two new methods, getfirst() and getlist(),Guido van Rossum2001-09-051-0/+22
| | | | | | that provide a somewhat more uniform interface to getting values. This is from SF patch #453691.
* Whitespace normalization.Tim Peters2001-08-091-3/+3
|
* Fix a denial-of-service attack, SF bug #443120.Guido van Rossum2001-07-251-4/+14
| | | | Code by Evan Simpson.
* Solve SF bug #231249: cgi.py opens too many (temporary) files.Guido van Rossum2001-06-291-4/+12
| | | | | | | | | | | | | | | | | | | | | | class FieldStorage: this patch changes read_lines() and co. to use a StringIO() instead of a real file. The write() calls are redirected to a private method that replaces it with a real, external file only when it gets too big (> 1000 bytes). This avoids problems in forms using the multipart/form-data encoding with many fields. The original code created a temporary file for *every* field (not just for file upload fields), thereby sometimes exceeding the open file limit of some systems. Note that the simpler solution "use a real file only for file uploads" can't be used because the form field parser has no way to tell which fields correspond to file uploads. It's *possible* but extremely unlikely that this would break someone's code; they would have to be stepping way outside the documented interface for FieldStorage and use f.file.fileno(), or depend on overriding make_file() to return a file-like object with additional known properties.
* Add a whole lot of stuff to __all__.Guido van Rossum2001-03-191-3/+6
| | | | | (Excluding the logging stuff, which doesn't lend itself to use via "from cgi import *" -- it manipulates globals.)
* added missing element to __all__Skip Montanaro2001-02-281-1/+2
|
* Added a comment explaining why this file must really have #!Guido van Rossum2001-02-131-0/+9
| | | | /usr/local/bin/python and not #! /usr/bin/env python.
* String method conversion.Eric S. Raymond2001-02-091-27/+26
|
* added __all__ lists to a number of Python modulesSkip Montanaro2001-01-201-0/+2
| | | | | | | | added test script and expected output file as well this closes patch 103297. __all__ attributes will be added to other modules without first submitting a patch, just adding the necessary line to the test script to verify more-or-less correct implementation.
* Whitespace normalization.Tim Peters2001-01-141-27/+27
|
* Make Traceback header conform to new traceback ("innermost last" ->Guido van Rossum2000-12-271-1/+1
| | | | "most recent call last").
* This fixes several bug reports concering memory bloating during largeBarry Warsaw2000-11-061-5/+1
| | | | | | | | | | | | | | | | | | | file uploads. In response to SF bugs 110674 and 119806, and discussions on python-dev, we are removing the self.lines attribute from the FieldStorage class. Specifically touched where methods __init__(), read_lines_to_eof(), and skip_lines(). No one can remember why self.lines was added. Technically, it's part of the public interface for the class, but it was never documented. It's possible clever or nosy code will break because of this, but it was decided to remove it and see who complains. This resolution also closes the second half of the cgi.py entry in PEP 42. The first half of that PEP concerns specifically binary file uploads, where there may be no end-of-line marker for a very long time. This patch does not address that issue.
* Undo Ping's change.Guido van Rossum2000-10-031-1/+1
| | | | | | | | | CGI scripts should *not* use /usr/bin/env, since on systems that don't come standard with Python installed, Python isn't on the default $PATH. Too bad that this breaks on Linux, where Python is in /usr/bin which is on the default path -- the point is that you must manually edit your CGI scripts when you install them.
* Change first line to #!/usr/bin/env python (really just to test check-in).Ka-Ping Yee2000-10-031-1/+1
|
* Patch #101121, by Ka-Ping Yee: cosmetic cleanup of cgi.py, using myGuido van Rossum2000-09-191-37/+37
| | | | | | | | | | | | style conventions. (Ping has checkin privileges but apparently ignores them at the moment.) Ping improves a few doc strings and fixes style violations like foo ( bar ). An addition of my own: rearrange the printing of various items in test() so that the (long) environment comes at the end. This avoids having to scroll if you want to see the current directory or command line arguments.
* Improve the test output a bit.Guido van Rossum2000-09-161-2/+4
|
* fix bug #110661 (PR#356) -- accept either & or ; as separator for CGIJeremy Hylton2000-09-151-16/+15
| | | | | | query string also some doc string reformatting and use of string methods instead of older string.splitfields
* Closing patch #101120 -- After everyone agreed.Moshe Zadka2000-08-251-23/+23
|
* Remove very long doc string (it's all in the docs)Jeremy Hylton2000-08-031-399/+3
| | | | | Modify parse_qsl to interpret 'a=b=c' as key 'a' and value 'b=c' (which matches Perl's CGI.pm)
* Spelling fixes supplied by Rob W. W. Hooft. All these are fixes in eitherThomas Wouters2000-07-161-6/+6
| | | | | | | | | | comments, docstrings or error messages. I fixed two minor things in test_winreg.py ("didn't" -> "Didn't" and "Didnt" -> "Didn't"). There is a minor style issue involved: Guido seems to have preferred English grammar (behaviour, honour) in a couple places. This patch changes that to American, which is the more prominent style in the source. I prefer English myself, so if English is preferred, I'd be happy to supply a patch myself ;)
* Simple changes by Gerrit Holl - move author acknowledgements out ofGuido van Rossum2000-02-281-15/+14
| | | | docstrings into comments.
* Fix a broken r.append(name, value) call, spotted by Tim.Guido van Rossum2000-02-251-1/+1
|
* After more discussion with Jim, change the behavior so that only aGuido van Rossum1999-06-111-9/+1
| | | | | *missing* content-type at the outer level of a POST defaults to urlencoded. In all other circumstances, the default is read_singe().
* Patch by Jim Fulton: new function parse_qsl(), which is likeGuido van Rossum1999-06-041-13/+44
| | | | | parse_qs() but returns a list of (name, value) pairs -- which is actually more correct. Use this where it makes sense.
* At Jim Fulton's request (actually, as a compromise :-), default theGuido van Rossum1999-06-021-2/+2
| | | | | | content-type to application/x-www-form-urlencoded only when the method is POST. Ditto for when the content-type is unrecognized -- only fall back to urlencoded with POST.
* FieldStorage.__init__(): if there is no content-type header, useBarry Warsaw1999-01-081-2/+24
| | | | | | | | | | text/plain for inner parts, but application/x-www-form-urlencoded for outer parts. Honor any existing content-type header. Lower down, if the content-type header is something we don't understand (say because it there was a typo in the header coming from the client), default to text/plain for inner parts, but application/x-www-form-urlencoded for outer parts.
* In read_multi, allow a subclass to override the class we instantiateGuido van Rossum1998-12-091-4/+7
| | | | | | when we create a recursive instance, by setting the class variable 'FieldStorageClass' to the desired class. By default, this is set to None, in which case we use self.__class__ (as before).
* Patch by Jim Fulton, who writes:Guido van Rossum1998-10-201-4/+6
| | | | | | | | | | | | | | """ The FieldStorage constructor calls the read_multi method. The read_multi method creates new FieldStorage objects, re-invoking the constructor (on the new objects). The problem is that the 'environ', 'keep_blank_values', and 'strict_parsing' arguments originally passed to the constructor are not propigated to the new object constructors. This causes os.environ to be used, leading to a miss-handling of the parts. I fixed this by passing these arguments to read_multi and then on to the constructor. See the context diff below. """
* Treat "HEAD" same as "GET", so that CGI scripts won't fail.Guido van Rossum1998-06-251-1/+1
|
* Be more careful than the previous patch. The default content-typeGuido van Rossum1998-06-111-1/+4
| | | | | | should only be set to application/x-www-form-urlencoded when the method is POST. E.g. for PUT, an empty default (defaulting to text/plain later) makes more sense.
* Default content-type to application/x-www-form-urlencoded at the topGuido van Rossum1998-06-091-1/+1
| | | | | level of a form. This means that browsers that omit the content-type header when sending a POST command aren't penalized so heavily.
* Make Tim O'Malley's requested change: in FieldStorage.__init__(), whenGuido van Rossum1998-05-081-1/+2
| | | | | method='GET', always get the query string from environ['QUERY_STRING'] or sys.argv[1] -- ignore an explicitly passed in fp.
* Mass check-in after untabifying all files that need it.Guido van Rossum1998-03-261-534/+534
|
* Use string.replace instead of regsub.[g]sub.Guido van Rossum1997-12-241-7/+6
|
* Use sys.exc_info() where needed.Guido van Rossum1997-09-291-1/+2
|
* Changes suggested by Jim fulton:Guido van Rossum1997-08-121-13/+10
| | | | | - Moved most imports to the top, for faster loadingf when using ni. - Always open the temp file in binary mode.
* Add optional 'quote' flag argument to escape(); if true, translate '"'Guido van Rossum1997-07-191-1/+3
| | | | to '"'.
* Tweak default source of query a bit so it is possible to invokeGuido van Rossum1997-05-281-3/+6
| | | | a CGI script from the command line with not environment variables.
* Reworded the doc string to remove the need for The Emacs font-lock kludge.Guido van Rossum1997-05-281-15/+13
| | | | | This required (re)moving all occurrences of '(' in column 0, as well as changing "#!" to #!.
* Untested changes by Skip Montanaro to have an optional limit on theGuido van Rossum1997-05-131-0/+23
| | | | size of uploads to POST (new version of these patches).
* From: Clarence Gardner <clarence@king.silcom.com>Guido van Rossum1997-04-111-2/+2
| | | | | | The function parse_qs currently calls urllib.unquote on the value of the field submitted, but not on the name. It needs to do both.
* Put back #! /usr/local/bin/python. For cgi scripts, /usr/bin/env isGuido van Rossum1997-02-181-1/+1
| | | | | unlikely to find a python binary, as /usr/local/bin is usually not on the default search path.
* Add __len__ methodGuido van Rossum1997-01-111-0/+4
|
* /usr/local/bin/python -> /usr/bin/env pythonGuido van Rossum1996-11-271-2/+6
|
* Added 'strict_parsing' option to all parsing functions. This causes aGuido van Rossum1996-11-111-11/+27
| | | | | | | | | | ValueError exception when the query string contains fields that don't contain exactly one '=' sign. (By default, such fields are simply ignored.) Added this to the doc string describing parse() and parse_qs(). Also changed the default for keep_blank_values from None to 0 (the preferred way to spell 'FALSE').
* Fix truncated paragraph in doc string.Guido van Rossum1996-10-241-2/+3
| | | | Bump version to 2.0.
* Added logging support.Guido van Rossum1996-09-051-0/+60
|
* Fixed embarrassing logic bug in read_lines_to_outerboundary().Guido van Rossum1996-09-051-2/+3
|
* Emacs font-lock de-bogo-kludgificocityGuido van Rossum1996-08-261-0/+2
|